Arizona Woman Indicted for Alleged Role in North Korea Identity Theft Scheme

The scheme compromised the identities of 60 Americans and generated $6.8 million in revenue for the overseas IT workers, according to the DOJ.
Arizona Woman Indicted for Alleged Role in North Korea Identity Theft Scheme
North Korea's flag flutters next to concertina wire at the North Korean embassy in Kuala Lumpur, Malaysia, on March 9, 2017. (Edgar Su/Reuters)
Aldgra Fredly

An Arizona woman was charged on Thursday for her alleged role in a scheme to help North Korean IT workers pose as U.S. citizens in order to apply for remote positions at U.S. companies, the Department of Justice (DOJ) said.

Christina Marie Chapman, 49, of Litchfield Park, Arizona, was arrested on May 15 for her alleged participation in a scheme that compromised the identities of 60 Americans and defrauded over 300 U.S. companies.

“Today’s announcement of charges and law enforcement action show our broad approach to attacking funding sources for North Korea across the United States,” U.S. Attorney Matthew M. Graves for the District of Columbia said in a statement.

Among the affected companies are a top-five television network, a Silicon Valley technology company, an aerospace manufacturer, and an American car manufacturer, according to the DOJ.

“Some of these companies were purposely targeted by a group of DPRK IT workers, who maintained postings for companies at which they wanted to insert IT workers,” it stated, using the acronym for North Korea’s official name, the Democratic People’s Republic of Korea.

The scheme compromised the identities of 60 Americans, caused false tax liabilities for 35 U.S. persons, and generated $6.8 million in revenue for the overseas IT workers—many of whom were tied to North Korea—according to the indictment.

Ms. Chapman was accused of running a “laptop farm,” whereby she hosted the computers of overseas IT workers inside her home to make the companies believe that the computers were located in the United States.

Prosecutors alleged that Ms. Chapman also forged payroll checks and received direct deposits of the overseas IT workers’ wages from U.S. companies into her own bank accounts, the DOJ stated.

Ukrainian National Charged With Creating Fake Accounts

Ms. Chapman allegedly conspired with Oleksandr Didenko, a 27-year-old Ukrainian national, who was charged with creating fake accounts on U.S.-based IT job search platforms and with U.S. money service transmitters.

According to the indictment, Mr. Didenko allegedly sold these accounts to overseas IT workers for them to use in applying for jobs with U.S. companies.

He was also accused of operating at least three U.S.-based “laptop farms” consisting of 79 computers. One of his customers allegedly asked him to send a laptop to Ms. Chapman, the DOJ stated.

His website domain,, has also been seized by authorities as part of the investigation. The United States is seeking Mr. Didenko’s extradition from Poland following his arrest on May 7.

Three unidentified foreign nationals were also charged with money laundering for their roles in the scheme. The DOJ said it has also seized the wages of over 19 overseas IT workers.

“The charges in this case should be a wakeup call for American companies and government agencies that employ remote IT workers,” Principal Deputy Assistant Attorney General Nicole M. Argentieri stated.

“These crimes benefitted the North Korean government, giving it a revenue stream and, in some instances, proprietary information stolen by the co-conspirators,” she added.

North Korean Cyber Actors

The U.S. Intelligence Community said in its 2022 report that cyber actors linked to North Korea have conducted “espionage efforts against a range of organizations, including media, academia, defense companies, and governments, in multiple countries.”

“We assess that North Korea continues to engage in illicit activities, including cyber theft and the export of UN-proscribed commodities to fund regime priorities, including [its weapons of mass destruction program],” according to the report.

The intelligence community warned that North Korea could have the expertise “to cause temporary, limited disruptions of some critical infrastructure networks and disrupt business networks in the United States.”

“Pyongyang is well positioned to conduct surprise cyber attacks given its stealth and history of bold action,” the report reads.